very good tutorial..thanks!
gkprasad100 1 week ago
seriously need to get ccna fast
brunobliss 2 weeks ago
ok, me just one more time :D ....can you tell me where did you install Wireshark (i see linux but i don't know how :D ) and how did you capture (sniff) packets from router R2 interface ?? Tnx a lot, really...
TheCorruptedFiles 3 weeks ago
@TheCorruptedFiles
With Wireshark, it is just a standard install. In the settings of GNS3, it will ask you where you installed it, which lets you browse and identify where Wireshark is installed.
For the capturing, in GNS3, right click on a link between two devices, and one of the options will be to capture the data. Remember to right click again later, to tell it to stop.
Best wishes,
Keith
Keith6783 3 weeks ago
after 3 days i finally made it :) ! one more time...great vid bro !!!!!
TheCorruptedFiles 3 weeks ago
great vid bro, i love it and it helps me a lot...one question: where can i find Cisco TripleDES Cryptographic Software for 12.2 IOS 2600 cisco router, cuz i can't perform this in gns 3, i'm blocked on first step (crypto isakmp policy 1) :( ... ? tnx
TheCorruptedFiles 3 weeks ago
I like the way you present, but you didn't share the ISP config. Is there a parameter we're not seeing that's beneficial if I wanted to mimic your lab in my environment? I've noticed even in a "3 router config" in gns3 my tunnels won't come up "unless" I use the "Ip host x.x.x.x host x.x.x.x" but that's not doing it right. I can do this on cisco hardware but not in gns3. Could you do "3 router ipsec tunnel" vid in gns3?
cyberpsych1 3 weeks ago
@cyberpsych1
For your ISP config, use the commands:
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
end
This will allow all the routers on the ISP side to know all the "global" addresses in your lab. Your edge routers should have a default route that uses the IP address of the nearest ISP router as the default route's next hop. That is all there is to it.
Let me know if that is helpful for you.
Cheers,
Keith
Keith6783 3 weeks ago
HI Mr.keith...Your video lecture is splendid , awesome...its worth watching for the beginners...
do u have any kind of ipsec troubleshooting video lectures ?
Nandri mr. keith...
vijay85cisco 1 month ago
@vijay85cisco
I don't have any troubleshooting videos on IPsec, but I think it's a great idea. I will add that to my list.
Best wishes,
Keith
Keith6783 1 month ago
Awesome video Keith!
Matt Just
mattjustipx 1 month ago
Wow!!!. I'm a Network Security Student and I really like your way of presenting.. easy to understand . Tough concepts are becoming easy from you Keith.
Thanks a lot..
crazylegend87 1 month ago
Well, I would wish that i could configure a VPN that quickly. I am impressed and will work on remembering the commands vs. checking my notes each time i attempt one.
Thank you for sharing your knowledge Keith.
crackatoe 2 months ago
this video contains so much useful information, thanks for this :-)
TheBestMixBeats 2 months ago
@TheBestMixBeats
Thanks for your comments.
Best wishes
Keith
Keith6783 2 months ago
good video
raoali80 3 months ago
Pretty fucking epic video : P, just a question would this be pretty much the same on 2 pix 515E running ios 7.0 and ios 8.0 ?? I just can't seem to get it to tho haven't used this tutorial. But the thing making it hard is that i also got a VPN setup for client and only one outside interface to apply to.
wearfear 3 months ago
Brilliant video tutorial, love it
ucha19871 3 months ago 3
@ucha19871
Thanks for taking the time to post your comments. I appreciate it.
Best wishes,
Keith
Keith6783 3 months ago
@Keith6783
Hello, Keith, the Wireshark part of this Video made it really interesting. Really nice video. I'd really appreciate if you please let us know where/how to get all your videos on CCSP. Thanks a lot.
rahmanafmtj 3 months ago
@rahmanafmtj
All the free videos, related to CCSP (now updated to CCNP Security) are located on my YouTube channel here. The channel name is: Keith6783
Thanks,
Keith
Keith6783 3 months ago
Awesome video, I would love to see more videos in this series, as in vpn related videos..................
cb1573 5 months ago
another fantastic vid - thanks Keith! like a few others here i too would also be interested in DMVPN .... cheers!!
elpiegrandes 6 months ago
Hey Keith thanks for sharing your wisdom.
JP.
Thelastoracle79 7 months ago
Thanks Keith for sharing.. Informative video.. Can u share some videos for IPSec tunnel creation in ASA
Thank you
nizshaik 8 months ago
Thanks Keith!!! Really nice.
surya8180 8 months ago
@surya8180
Thanks for the kind words. I appreciate it.
Keith
Keith6783 8 months ago
Great tutorial!! You're a great teacher. I don't mean to be greedy, but would you do some videos regarding any or all of the below topics:
DMVPN
IOS Remote Access VPN
Easy VPN Server
Easy VPN Remote
xr71011 8 months ago
Hi Keith, great video. I have a quick question. Will it make a difference if the remote site from R4 is also a 10.0.0.0 /8 network as well? How will the packets know to go through the tunnel instead of just staying in the same network as R2 site?
CiscoJunkies 9 months ago
@CiscoJunkies
Routing triggers the IPSec.
Local clients will use their default gateways. If the default gateways don't have routes to the specific 10.x.x.x networks that exit out the interface where the crypto map is applied, then the traffic will never go through the tunnel. The longest match in a routing table, based on the packet's destination address, will be used.
Thanks for the comment.
Keith6783 9 months ago
@CiscoJunkies i think you would have to configure the 2 sites to be on separate subnets and configure your ACL to match the relevant subnets in order to ensure that the correct traffic was routed over the VPN.
tomfromdelmonte 9 months ago
Hi Keith, site-2-site IPSEC tutorial was great. Do you have EIGRP, BGP, OSPF, ISIS and subnetting tutorial.
maharshad 10 months ago
XSFlanger-
Great questions! This IPSec tunnel will only support unicast traffic (no broadcast or multicast). If we wanted to support dynamic routing and multicast, we could create a GRE tunnel between the 2 sites, and then tell IPSec that the interesting traffic is GRE between the 2 sites, and then we would have the best of both worlds. A dynamic routing protocol can ride on top of the GRE, and the GRE tunnel will have its own IP addresses (which can also be private).
Keith
Keith6783 11 months ago
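The GRE-over-IPsec design described in the reply above, together with the earlier point that routing is what delivers traffic to the interface carrying the crypto map, can be written out for one site router as follows. This is an added example, not configuration from the video or from any commenter; all addresses are documentation or private ranges chosen for illustration, the interface names, map, transform-set and ACL numbers are hypothetical, and it assumes an IOS image with AES and DH group 14 support.

```cisco
! Constructed example for one site router; mirror it on the remote peer.
! Local outside 192.0.2.2, ISP next hop 192.0.2.1, remote peer 198.51.100.4.
! PLACEHOLDER_KEY stands in for a real pre-shared key.
!
crypto isakmp policy 10
 encryption aes 256
 hash sha
 authentication pre-share
 group 14
crypto isakmp key PLACEHOLDER_KEY address 198.51.100.4
!
! Transport mode: GRE already supplies the outer IP header between the peers.
crypto ipsec transform-set GRE-TS esp-aes 256 esp-sha-hmac
 mode transport
!
! Interesting traffic is only GRE between the two public addresses.
! Unicast, multicast and routing updates are all hidden inside that GRE.
access-list 110 permit gre host 192.0.2.2 host 198.51.100.4
!
crypto map GRE-MAP 10 ipsec-isakmp
 set peer 198.51.100.4
 set transform-set GRE-TS
 match address 110
!
interface FastEthernet0/0
 description Outside, toward the ISP
 ip address 192.0.2.2 255.255.255.0
 crypto map GRE-MAP
!
interface FastEthernet0/1
 description Inside LAN
 ip address 10.2.0.1 255.255.255.0
!
! The tunnel has its own private addressing, separate from the public peers.
interface Tunnel0
 ip address 172.16.0.1 255.255.255.252
 tunnel source 192.0.2.2
 tunnel destination 198.51.100.4
!
! Routing triggers IPsec: the GRE packet to 198.51.100.4 follows this default
! route out FastEthernet0/0, where the crypto map matches it against ACL 110.
ip route 0.0.0.0 0.0.0.0 192.0.2.1
!
! OSPF hellos (multicast) ride inside GRE. Advertise only the inside and
! tunnel networks so the tunnel destination is never learned via the tunnel.
router ospf 10
 network 10.2.0.0 0.0.0.255 area 0
 network 172.16.0.0 0.0.0.3 area 0
```

On a working pair, `show crypto ipsec sa` should show encapsulation counters rising while `show ip ospf neighbor` lists the peer across Tunnel0.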
Thanks for sharing the knowledge :)
I was interested, what happens to the traffic behind the scenes? Will it also forward broadcast packets? Or for example what if I need the dynamic routing updates through the tunnel, is it just sufficient to add multicast IP range in acl? Also interested about cdp updates. Thanks :)
XSFlanger 11 months ago
snedie69er-
Thanks for the comment. If you have other specific topics you would like a video for, let me know, and I will see what I can do for you.
Best wishes, Keith
Keith6783 11 months ago
Due to me losing my job and not having the money for the exams I gave up studying for the CCNP exams about a month ago. This video just made me want to start again...Like you, I too love VPNs
snedie69er 11 months ago